* Jochen Roemling (jochen@roemling.net) wrote:> Chris Wright wrote:> > In case that part wasn't clear, it would be CAP_IPC_LOCK capability.> > > Thanks. Capset was the keyword I couldn't remember.> > _Background:_> I would like to install Oracle 10g Database on Linux with HUGETLB > support. The oracle binary exits with -EPERM because it is not allowed > to create a shared memory segment with the SHM_HUGETLB flag set.

OK, as expected.

> I installed the libcap2 package (from debian testing) and now have the > tool "setcap" available. I wanted to test this on my example pgm > mentioned in the original post using:> > roesrv01~ # setcap CAP_IPC_LOCK a.out> fatal error: Invalid argument> usage: setcap [-q] (-|<caps>) <filename> [ ... (-|<capsN>) <filenameN> ]> > using the number "14" instead of the name "CAP_IPC_LOCK" doesn't work > either. I don't have any glue. Do have a simple example for me?

did you try setpcaps? smth like setpcaps cap_ipc_lock+e <pid>

> By the way: CAP_IPC_LOCK is only checked in line 508 of ipc/shm.c:<snip>> if (!capable(CAP_IPC_LOCK)) {> err = -EPERM;> goto out;> }> > There is nothing around that says: "Allow this only without HUGETLB".> Are you sure that this capability is my problem?